Forensic Science International: Digital Investigation 48 (2024) 301698 


Case of study for in situ memory reading on damaged MultiMedia Card 


F. Thomas-Brans *, A. Fukami, Q. Clement, Th. Heckmann, D. Sauveron

a Research Center of the French Gendarmerie Officers Academy (CREOGN), Department of Research, Avenue du 13ème Dragons, 77000 Melun, France
b Ecole normale supérieure, Information Security Group, Computer Science Department, 45, rue d’Ulm, 75230 Paris, France
c XLIM (UMR CNRS 7252 / University of Limoges), Faculté des Sciences et Techniques, 123, avenue Albert Thomas 87060 Limoges, France
d ESIEA, 38 Rue des Docteurs Calmette et Guérin, 53000 Laval, France
e Netherlands Forensic Institute, Laan van Ypenburg 6, 2497 GB Den Haag, the Netherlands
f University of Amsterdam, Science Park 904, 1098 XH Amsterdam, the Netherlands


ARTICLE INFO

Keywords: Data extraction, Diagnostic, Flash, Forensic, Hardware, Reverse engineering

ABSTRACT

As the storage requirements of systems have increased, the evolution of data storage technologies has undergone
a major shift. System manufacturers have recently switched from traditional flash technology to MultiMedia
Cards (MMC), which are embedded memories with a dedicated controller. This technology allows for faster data
transfer, greater reliability, and an increase in the storage capacity of a component as well as its lifespan. By
design, the main weakness of these media lies in the controller. If the controller fails to respond, the memory
becomes unusable, which may negatively impact the user and the forensic expert who intends to retrieve essential
data. The aim of the paper is to provide an overview of MMC technologies through their data transfer protocols.
The main contribution is to share a diagnostic approach for extracting data from a flash chip controlled by
a defective controller, based on the insights from a case study analysis. This work involves the study of the
hardware conception of the MMC system as well as the reverse engineering and manipulations of the board
with special equipment like X-Ray tomography, laser ablation, computer numerical control technology and logic
analyzer.


1. Introduction 
1.1. MultiMedia Card 


The MultiMedia Card (MMC) is an evolution of the NAND type memory
traditionally used for data storage in embedded electronic systems.
Until the end of the 1990s, the most efficient data storage was achieved
via flash memories which were based on Not-AND (NAND) or Not-OR
(NOR) technologies. In 1997, the manufacturers Sandisk and Siemens
joined forces to design a more powerful memory system (Frederic et al.,
2010) called MultiMediaCard (MMC). It is no longer an isolated memory,
but a complete system containing one or more memories of the
same technology connected to a controller. The role of the controller
is to manage the data efficiently to increase the life expectancy of the
memory cells and correct read/write errors. In addition, combining several
memory chips in the same package makes it possible to multiply the storage
capacity without increasing the size of the package. The objective at the
time was to design removable storage with a larger capacity.


* Corresponding author. 


From the MMC technology, several similar products were created. 
In 2000, SanDisk, Panasonic and Toshiba joined forces to found the SD 
Association (SDAssociation, 2022) and develop the Secure Digital (SD) 
memory card. This new product has the same internal architecture as 
the previous cards, but the controller used a new protocol of exchanges 
between the host and the memory chips. 

Based on the same architecture as the SD standard, the embed- 
ded MultiMedia Card (eMMC) component was introduced in 2007 by 
the JEDEC standard JESD84-A41 (JEDEC, 2007). In contrast to the SD 
cards, the eMMC component is no longer intended to be a mobile stor- 
age medium, but an integrated storage solution within the system. The 
aim is to replace conventional flash memories on systems with compo- 
nents that are more compact and have a greater capacity. 

At the end of the 2000s, technological developments and the pro- 
liferation of mobile equipment fostered the development of the SD and 
eMMC standards. The need for greater storage volume and faster trans- 
fer speed necessitated the use of memory chips with more efficient 
protocols. A new family of memory has emerged that uses a different
host exchange protocol. This technology called Universal Flash
Storage (UFS) was standardised in 2011 by JEDEC JESD220 (JEDEC,
2011). Over the past decade, SD, eMMC and UFS technologies have
continued to evolve to increase transfer speed, resulting in upgrades to
eMMC 5.1 (JEDEC JESD84-B51A (JEDEC, 2019)) and UFS 3.1 (JEDEC
JESD220E (JEDEC, 2020)) standards.

Fig. 1. Smartphones sales evolution in the world between 2007 and 2021
(source: Gartner).

In the field of digital forensics, it is important to keep up with
technological advancements. The strong development of a technology in a
market such as telephony (Fig. 1) or embedded multimedia systems
increases the probability of having to examine such storage media.

Another parameter conditioning the importance of mastering the 
expertise of new technologies is the sensitivity of an investigation case. 
Taking the example of the terrorist attack in San Bernardino in Decem- 
ber 2015 (Nagourney et al., 2015), one of the shooters had an iPhone 
5C. As this phone was released in September 2013, two years prior to 
the attack, the FBI did not have the opportunity to reach proficiency 
in unlocking or extracting data from it. To deal with the device, the
FBI sought assistance from Apple, which refused, arguing that this goes
against the company’s client protection policy (Heckmann, 2018).

This example of inability to process a medium in a sensitive case il- 
lustrates the importance of looking at a technology such as MMCs. In 
previous work, the authors focused their research on the initial diag- 
nosis of SD technology cards (Thomas-Brans et al., 2022). This work 
resulted in a protocol to help forensic experts identify the element 
causing the failure of the SD medium. As detailed in the paper, when di- 
agnosing a medium, whether SD or MMC, the use of the diagram helps 
to orientate the expert. Using a combination of optical, thermal and 
X-Ray analysis, acoustic scanning, electrical tests and chemical decap- 
sulation, it is possible to determine whether the failure is in the memory 
chip, the controller or the connections between them. 

Based on the knowledge of these three potential points of failure for 
data integrity, it is possible to deduce that: 


• A defect in the memory chips is irreversible. The memory chips which
  contain the data are complex circuits, sensitive to electrical and
  mechanical stress. To our knowledge, it is currently unfeasible to
  repair resulting defects in electronic dies, because of the
  micrometric size of the elements.

• A defect on the connections between the chips is repairable. To
  ensure the connection between the different chips, an MMC system
  is composed of a Printed Circuit Board (PCB), bonding wires and
  dies. As demonstrated by the work done on conductive and insulating
  adhesives, it is possible to repair bonding wires (Heckmann
  et al., 2019, 2017) and PCB tracks.

• A defect in the controller results in the data being inaccessible even
  though they are still physically present on the medium. Commercial
  solutions from ACElab and Rusolut allow the data to be retrieved,
  but supported media are limited. They also require
  some knowledge of the references of the chips used. Additionally,
  during forensic examinations, the medium can be intentionally or
  unintentionally damaged, which can alter debugging pads. As a result,
  commercial solutions can become impractical without expert
  knowledge.


Taking into account the remarks on the three scenarios, it is relevant
to work on the extraction of data from media suffering a controller failure.
Some commercial solutions are able to perform this task, but they require
working with known MMCs. In many cases of digital forensic expertise,
they did not support the required storage media. Thus, this article
presents a case study representative of the work carried out to extract
data from a microSD card with a controller that has failed.


1.2. Contributions 


The main contribution of this paper is the presentation of a case
study for interacting with the internal memories of MMC components
whose controller has failed. An initial search revealed the existence of
companies offering commercial solutions to the problem, but the list of
supported media was limited. The authors’ approach was to identify
the various blocking points for extracting data directly from the memory,
then identify the material needs to solve these issues. The result of the case
study is an approach that can be used as a basis for standardisation.

Our additional contributions are as follows: 


• Giving background on the internal structure of a medium to find
  out how to interconnect with the memory.

• Pre-identifying the internal signals of the memory to facilitate
  future interaction with it.

• Identifying the references of the internal memory chips of the
  MMC medium when there is no marking on them.

• Implementing a technique for in situ memory reading when
  commercial solutions are not compatible.


1.3. Structure 


This paper is structured as follows: section 2 presents in greater de- 
tail the internal architecture of a MMC from a hardware point of view 
in subsection 2.1. Internal communication protocols and error correc- 
tion are discussed in subsection 2.2. Section 3 discusses techniques for 
understanding and identifying interconnections between the controller 
and the medium-specific memory. The aim is to facilitate interaction 
with the memory chip in Man-In-The-Middle mode. Section 3.3 illus- 
trates the information feedback from the initialization of the memory 
to the reading of its contents. Section 4 deals with mathematical proce- 
dures involved in reconstructing the system from the information stored 
in the memory. Section 5 concludes the paper. 


2. Functional overview of a MultiMedia Card 
2.1. Architecture of a MMC 


The design of an MMC-type medium is based on a common technol- 
ogy for all SD, microSD, eMMC or UFS products. They consist of one or 
more Not-AND (NAND) flash memory chips for data storage and a con- 
troller that interfaces between the memories and the host. The memory 
chips and controller are standardized components that are manufac- 
tured by several companies such as Samsung, Intel, Toshiba or Sandisk. 
The internal connection of the chips is made by a PCB containing two 
to four layers of copper. 

The power supply of an MMC medium is provided by the host. For
media such as eMMCs, there are two voltages supplied by the host
(i.e. 1.8 V and 3.3 V). For media with fewer pins, such as SD cards,
microSD cards and USB sticks, there is only one power supply provided
by the host. For SD standard media, the voltage is 3.3 V, while for
USB standard media, the supply voltage is 5 V. In this case, the MMC
medium converts voltages internally using passive components. These
passive components can be observed in Fig. 2, which shows an optical
view of a microSD card after chemical opening. They are also visible on
the X-Rays view of another microSD card in Fig. 3.

Fig. 2. Optical view of the microSD card after laser and chemical opening,
exposing dice and passives.

At the beginning of the section, it is stated that memories and
controllers are standardised components according to ONFI and JEDEC
standards. This gives MMC manufacturers more flexibility. To design
a microSD card with a capacity of 64 GB, the number and intrinsic
capacity of the memory chips can vary from one medium to another. The
manufacturer can obtain 64 GB with a single chip, with two 32 GB chips
or even with eight 8 GB chips. The only limit to the number of chips
is the number of CE (Chip Enable) signals available on the controller
(as presented in section 2.4). The internal design of the MMC medium will
be transparent to the host, which will only have information about the
overall capacity.

A final aspect to consider concerning these media is the presence or
absence of debugging pads. These are pads in the PCB design that allow
testing or programming of components during manufacture (Fig. 4).

There exist various debugging pad arrays, whose shape and position
are commonly used by manufacturers. However, there are no standards
for positioning the signals on the pads. Furthermore, they are absent
on certain MMC media. Under such circumstances, it is necessary to
find another approach to establishing communication with the internal
components, such as using the vias on the PCB (as presented in
section 3.2).


2.2. Flash memory protocol

Flash memory holds the stored data in its “cells”. A memory cell
is basically a floating gate transistor, whose state is determined by its
threshold voltage. The threshold voltage of a floating gate transistor is
determined by the amount of charges stored in its floating gate. For SLC
(Single Level Cell) NAND flash memory, the stored value of a cell can
be either 0 or 1. If there is no charge in the floating gate, then the
value is 1. In contrast, when a voltage is programmed and applied to
the control gate resulting in the entrapment of charges in the floating
gate, the stored data is 0. With the need of lowering the cost-per-bit
and storing more data in one memory die, nowadays MLC (Multi Level
Cell) or TLC (Triple Level Cell) technologies are commonly used in the
manufacturing of NAND flash memory. MLC and TLC cells store 2 bits
(i.e. 0b00 to 0b11) or 3 bits (i.e. 0b000 to 0b111) of data in a cell,
respectively.

Fig. 3. X-Ray view of a microSD card: positioning and linking of the dice on the
PCB.

Fig. 4. Optical view of debugging pads on a SD card after varnish polishing.

The simplified structure of a MLC NAND flash memory cell is shown
in Fig. 5. Once charge is trapped in the floating gate, a higher voltage is
required to turn on the transistor. The voltage of the control gate, Vcg,
to turn on the transistor is called threshold voltage (Vth in Fig. 5). In
this case, the current, Ids, can flow between the source and the drain
of the transistor. Therefore, the stored data can be read by applying
the voltage between the threshold voltage of each state and checking if
the current flows. This voltage is called the reading voltage (Vread in
Fig. 6).

[Figure labels: Stored Data; Vth(00), Vth(10); axis Vcg [V]]
Fig. 5. An MLC NAND flash memory cell, showing how the amount of charges
in the floating gate determines the threshold voltage and the data stored in the

Fig. 6. Model threshold voltage distribution of MLC NAND flash memory cells.
Cells in shadowed area produce bit errors.


2.3. Flash error management 


Flash memory has a limited lifetime due to the wear of the insulating 
oxide. Each time the data are stored and erased, the charges go through 
the oxide layer. After repeating operations, the oxide layer is known to 
be worn out. Once the oxide layer is worn out, the stored charges in the 
floating gate can leak through it back to substrate. Loss of charges on 
a floating gate will reduce the threshold voltage of the cell. Therefore, 
when the reading voltage is applied, the data is read out as a different
value (e.g., from 0b01 to 0b11 as illustrated in Fig. 6), causing a bit error.

To maintain the integrity of data stored in the flash memory,
flash memory controllers are required to implement an error correction
mechanism. Error correction code (ECC) is the most commonly used
solution. To ensure data integrity during storage, the ECC is computed for
each block of data, and stored with the original data in the flash
memory. The error correction capability varies by controller; however,
the minimum required capability is defined by the flash memory
manufacturer. One of the ECCs most commonly used by flash memory
controllers is the BCH code. The BCH code is known to be efficient
in fulfilling the required error correction capability for flash memory.
For example, a BCH code with a code length as short as 90 bytes can be
used to correct up to 48 bits of errors per 2 Kbytes of data. Those are
the parameters used in real MLC flash memory devices.
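
The 90-byte figure can be checked against the standard parity bound for binary BCH codes. The derivation below is an added illustration, not part of the original paper; it assumes a binary BCH code over GF(2^m), shortened to fit a 2 Kbyte (2048-byte) data block, and the symbols k (data bits), t (correctable bits), m (field degree) and r (parity bits) are introduced here.

\[
k = 2048 \times 8 = 16384, \qquad t = 48, \qquad r \le m\,t, \qquad k + r \le 2^{m} - 1
\]
\[
m = 14:\ 2^{14} - 1 = 16383 < k \ \text{(codeword too short)}, \qquad
m = 15:\ 16384 + 15 \times 48 = 17104 \le 2^{15} - 1 = 32767
\]
\[
r = m\,t = 15 \times 48 = 720\ \text{bits} = 90\ \text{bytes}
\]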

Under normal usage, this ECC corrects the internal bit errors so that
the system works normally. However, if more than 49 bits of data are
erroneous in the encoded 2 Kbytes of data, the errors cannot be corrected,
causing system errors. In other words, if the flash memory cells are
excessively worn out and the number of errors exceeds the correction
capability of the ECC, the data in the target block become uncorrectable
via regular ECC correction. In the worst-case scenario, if this defective
block contains the boot sector of a system, the device is not able to
boot. To prevent this situation, work has been carried out to correct
memory reading errors not supported by the ECC. This work targeted
the flash boot memory of the Google Home (Barral et al., 2022). The
equivalent of this scenario for an MMC would be a defective block of
data containing the memory partition table. The host would no longer
have access to the structure of the memory contents and would propose
formatting the medium. In a less catastrophic scenario, if the faulty
block is located on the data of a file, the host will no longer be able to
read this specific file correctly.

Table 1
ONFI NAND flash memory basic signals from memory chip perspective.

Pin Name*   Input/Output   Description
WP_n        Input          Write Protect
ALE         Input          Address Latch Enable
CE_n        Input          Chip Enable
WE          Input          Write Enable
R/B_n       Output         Ready/Busy
RE_n        Input          Read Enable
CLE         Input          Command Latch Enable
IO[7:0]     Input/Output   Data Input/Output

* “n” after the signal name indicates that the signal is active low.


2.4. Flash memory control signals


NAND flash memories are based on state machines described in
the ONFI standard (Workgroup, 2017). To operate, several control
signals and a data bus are used. Each control signal has its own function,
described in Table 1. To move from one state to another in the state
machine, the controller needs to send a request to the memory. This is a
combination of codes on the data bus validated by control signals. The
memory’s response to the request is also sent on the data bus and is
also validated by control signals.

The first condition for the controller to send a request to the memory
chip is to activate it. This is performed by pulling down the signal
CE_n to obtain a ‘0’ value. If the MMC medium is composed of several
memory dies, there will be as many CE_n as there are memories,
allowing the controller to choose which chip it communicates with. Requests
are generally composed of a first command followed by an address
value, as illustrated with the READ_ID function in Fig. 23. For some
request functions, the address values are enclosed between two commands,
such as the READ_PAGE function described in the ONFI standard (Workgroup,
2017). According to Table 1, commands are validated by pulling up
the CLE signal, whereas addresses are validated by pulling up the ALE
signal. In the case of a request from the controller to the memory,
commands and addresses are validated with a rising edge of the WE signal.
Memory responses are validated by the controller on a rising edge of
the RE signal. The memory uses the R/B_n signal to indicate its status,
especially when the data bus is ready.
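
As an added illustration (not code from the paper), the following Python sketch applies the latching rules described above to logic-analyser samples and groups the decoded cycles into requests. The sample layout, the helper names and the capture itself are constructed for this example; the opcodes and the READ_ID answer at address 0x20 are those defined by the ONFI specification.

```python
"""Decode ONFI NAND bus cycles from logic-analyser samples (added example)."""
from collections import namedtuple

# One sample of the Table 1 signals. ce_n, we_n and re_n are active low
# (ONFI names them CE_n, WE_n, RE_n); io is the 8-bit IO[7:0] bus value.
Sample = namedtuple("Sample", "ce_n cle ale we_n re_n io")

# First-cycle opcodes defined by the ONFI specification.
ONFI_COMMANDS = {0x90: "READ_ID", 0x00: "READ_PAGE",
                 0x70: "READ_STATUS", 0xFF: "RESET"}
READ_PAGE_CONFIRM = 0x30  # second command cycle that closes a READ_PAGE


def decode_cycles(samples):
    """Return [(kind, byte), ...] for every cycle latched while CE_n is low.

    kind is CMD, ADDR, DATA_IN, DATA_OUT or INVALID (CLE and ALE both high).
    """
    cycles = []
    for prev, cur in zip(samples, samples[1:]):
        if prev.ce_n != 0:
            continue  # die not selected: traffic belongs to another CE_n
        # Levels are taken from the sample just before the edge, while the
        # strobe is still low and the bus is stable.
        if prev.we_n == 0 and cur.we_n == 1:      # rising edge of WE_n
            if prev.cle and prev.ale:
                kind = "INVALID"
            elif prev.cle:
                kind = "CMD"
            elif prev.ale:
                kind = "ADDR"
            else:
                kind = "DATA_IN"
            cycles.append((kind, prev.io))
        elif prev.re_n == 0 and cur.re_n == 1:    # rising edge of RE_n
            cycles.append(("DATA_OUT", prev.io))
    return cycles


def group_requests(cycles):
    """Group decoded cycles into requests: command, address bytes, response."""
    requests = []
    for kind, byte in cycles:
        if kind == "CMD":
            last = requests[-1] if requests else None
            if (byte == READ_PAGE_CONFIRM and last
                    and last["name"] == "READ_PAGE" and not last["data"]):
                continue  # address values enclosed between two commands
            requests.append({"name": ONFI_COMMANDS.get(byte, hex(byte)),
                             "addr": bytearray(), "data": bytearray()})
        elif kind == "ADDR" and requests:
            requests[-1]["addr"].append(byte)
        elif kind == "DATA_OUT" and requests:
            requests[-1]["data"].append(byte)
    return requests


# --- Constructed capture (not measured on the card studied in the paper) ---
IDLE = Sample(1, 0, 0, 1, 1, 0xFF)


def write_cycle(byte, cle=0, ale=0, ce_n=0):
    """Two samples forming one WE_n pulse: strobe low, then released."""
    return [Sample(ce_n, cle, ale, 0, 1, byte),
            Sample(ce_n, cle, ale, 1, 1, byte)]


def read_cycle(byte, ce_n=0):
    """Two samples forming one RE_n pulse with the memory driving the bus."""
    return [Sample(ce_n, 0, 0, 1, 0, byte), Sample(ce_n, 0, 0, 1, 1, byte)]


def build_capture():
    """READ_ID at address 0x20, whose ONFI-defined answer is the text 'ONFI'."""
    capture = [IDLE]
    capture += write_cycle(0x90, cle=1)            # command cycle
    capture += write_cycle(0x20, ale=1)            # address cycle
    for byte in b"ONFI":
        capture += read_cycle(byte)                # response cycles
    capture += write_cycle(0x90, cle=1, ce_n=1)    # other die: must be ignored
    capture += write_cycle(0xAA, cle=1, ale=1)     # wiring error: both latches
    capture.append(IDLE)
    return capture


if __name__ == "__main__":
    decoded = decode_cycles(build_capture())
    for kind, byte in decoded:
        print(f"{kind:8s} 0x{byte:02X}")
    for req in group_requests(decoded):
        print(req["name"], req["addr"].hex(), bytes(req["data"]))
```

An INVALID cycle in a real capture usually means that two probes have been assigned to the wrong control signals, which is a quick check on a hypothesised signal order.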


3. Reverse engineering of MMC 


This section presents a case study, starting with a presentation of 
the sample and its state. The sample selected for this study is a mi- 
croSD card, which is not recognised by a host. An initial diagnostic 
phase was carried out according to the protocol described in the publi- 
cation (Thomas-Brans et al., 2022). At the end of the diagnostic stages, 
no structural defect was detected. This opens up the possibility of a de- 
fect in one of the chips, in accordance with the points mentioned in 
section 1.1. During the diagnostic phase, 2D and 3D X-Rays imaging 
was carried out. These views highlighted the absence of debug pads on 
the back of the microSD card. As a result, it cannot be processed by 
commercial tools, making it an ideal candidate for developing the case
study. To prepare for advanced diagnosis, which may involve reading
the memory in situ, several preparatory steps must be completed.

Fig. 7. Identification of microSD card debugging pads: (a) optical view,
(b) X-Ray view.

To reverse engineer an MMC, it is worthwhile to acquire an
understanding of both the internal structure of the medium in question
(presented in section 2.1) and the protocols used (presented in section 2.4).
The process of reverse engineering can be split into three stages:

• The preparatory work (section 3.1) consisting of an initial study
  of the medium with non-invasive techniques (e.g. X-Rays, optical).
  From a 3D X-Ray reconstruction, it is possible to study the internal
  connections of the PCB to find an alternative to debug pads. The
  aim is to identify access points for all the signals in the NAND flash
  protocol.

• The interconnection (section 3.2) with the target based on the
  initial study. Once the signals have been identified, a solution for
  connecting to the vias has to be found. There are commercial
  solutions, presented in section 3.2.1, which are incompatible with
  the need for mobility during processing. The interconnection stage
  therefore involves developing a mobile and reliable solution.

• The exploitation (section 3.3) of the medium to diagnose and
  extract it. The aim is to find the configuration of the internal signals
  while validating the correct operation of the chips. If the memory
  chip is functioning correctly, it will be possible to read it using the
  set-up that has been established.


3.1. Preparatory work 


As previously stated, the aim of the preparatory work is to define
the access point for exchanges with the memory. First of all, it is
necessary to check whether there are debugging pads. The most efficient way
is to use a binocular with a direct or grazing light to see if reliefs are
identifiable (Fig. 7a). Sometimes, the thickness of the varnish or resin
is too great to observe the copper layer of the PCB. In that case,
the best way is to use 2D or 3D X-Rays observation to find the
pads (Fig. 7b).

If there are not enough debugging pads, an alternative solution needs
to be used for connection. The PCB of an MMC is composed of two layers
of copper with tracks and vias. In this case, the probability of the
signals being on the two surfaces of the PCB is greater, thus it is possible
to find a via to connect to. The dimensions of the elements are also
important. A track has a much smaller dimension than a via, which measures
around 0.3 mm. When performing manual operations, regardless of the
technique employed, a larger working area is generally more desirable.
Therefore, in order of priority, a pad should be used first, followed by a
via, and a track as a last resort.

There are no debugging pads on the medium used for this case study,
so operation must be performed on vias. The best way to understand the
function of each track and locate the vias that will be useful, is to use the
3D X-Ray view. The first step is to locate the chips and recognise the
controller and the memory. Considering that the controller interfaces
between the host and the memory, it needs to communicate using two
different protocols (i.e. USB, UFS, eMMC or SD protocol and NAND
protocol). Therefore, the controller has more bonding wires than the
memory.

Fig. 8. X-Ray view of power and ground bondings highlighted. (For
interpretation of the colours in the figure(s), the reader is referred to the
web version of this article.)

To acquire communications between the host and the controller, it
is possible to interconnect directly to the external port of the microSD
card. To acquire communications between the controller and the
memory, it is necessary to connect to the vias on the PCB. As presented in
section 2.4, there are three distinct categories of signals for the
exchange between the controller and the memory. As a reminder, the roles
and implications are as follows:

• The power supplies that provide the various voltages to the memory
  chip, as well as the ground. These signals are easily identifiable
  because they are connected to several points, therefore on several
  bondings. During the signal identification phase, it is easy to
  identify the links and therefore, the pins intended for the power
  supplies.

• The data signals are commonly organised into a bus of four or eight
  lines. There are power supply bondings near the signals because
  the memory component requires high power during the
  writing phase.

• The control signals are less demanding in terms of positioning,
  however, a certain logic should be used, as mentioned in the
  following part.


By analyzing a 3D X-Ray image, it is possible to deduce the position 
of some signals. As the controller uses two distinct protocols while the 
memory uses only one, it is preferable to focus on the memories. Firstly, 
we need to identify the power signals, following lines from the external 
port. In Fig. 8, the bondings that are linked to the ground plane are
coloured in blue. Another plane for the power supply is highlighted in
red.
Once the power supplies have been identified, several groups of
bonding wires appear. There are three groups of four bondings and one
group of three bondings. Based on the description of the signals in terms
of their number and dependencies, the group of three bondings is likely
to be control signals. The two groups of four bondings in the center are
probably data due to their proximity to the power lines. This would
imply that the last group corresponds to the other control outputs. With
this information, it is possible to update Fig. 9.

Fig. 9. X-Ray view with groups of bondings for IO and controls highlighted.

Fig. 10. Pinout of a NAND Flash from a datasheet (Toshiba, 2013).

The flash memories used in MMC are the same memory chips used
individually. Therefore, it is possible to compare it with a flash
memory in a Thin Small Outline Package (TSOP), given that the pinout is
documented. First, the component is imaged using X-rays (Fig. 11). In
Fig. 10, it is possible to see that a component in a TSOP package has
pins on both sides of the package. On the X-Ray view, it can be
observed that bondings of the memory are located on the same side. The
tracks between the pins of the component and the bonding can be easily
followed in order to assign them a specific role (Fig. 11). The
identification of all the signals reveals groups at the bonding level, as for the
microSD card in the study. A parallel can be made to assign a function
(i.e. controls or data) to each group of signals identified in Fig. 9.

Fig. 12. Proposal for the bonding positioning of the analyzed microSD card.

To take the hypothesis a step further, an order can be estimated for
the control signals and data, based on the X-Ray view of the TSOP. On
the TSOP, the R/B, RE and CE signals compose, in this order, the group
of three bondings. Following the same order, the CLE, ALE, WE and
WP signals compose the group of the last four controls. The data are in
groups of four from I7 to I4 and from I3 to I0. These assumptions are
shown in the X-Ray view (Fig. 12). They may be important for the next
phases.

In the previous step, each bonding has a function allocated and the
reverse engineering of the PCB has been performed from the 3D X-Ray
view. The function of each bonding is replicated on a corresponding
via. The result of the reverse engineering can be found in Fig. 13. In
this example, when the reverse engineering was performed on the 3D
X-Ray view, the pin C7 was available on the external layer of the PCB
through a via. Fortunately, according to the hypothesis of the control
signal order, the pin C7 may be the R/B signal which is useless for the in
situ reading. The next steps will consist of creating the interconnection
on the highlighted via to prepare the diagnosis.

Fig. 13. Highlighted vias after reverse of the tracks between the memory and
the controller.


Fig. 14. Spiderboard by ACELab (A. team, 2017). 


3.2. Interconnection 


After identifying the pads or vias to interconnect, the links to
intercept exchanges must be physically made. There are several commercial
solutions based on probes. In a digital forensic context,
the evidence must be moved regularly between operations. In these
conditions, commercial solutions are not optimal, requiring a
“home-made” solution for sample processing.


3.2.1. Commercial interceptors 

There are three professional commercial solutions sold in Europe to
intercept the signals between the flash controller and the flash
memory: Spiderboard (ACELab, 2023), PCBite (Sensepeek, 2023), and
Rusolut (2023) monolithic microSD/SD/UFD adaptors. The solution of
the Spiderboard (Fig. 14) is based on needles positioned at points of
interest. This solution is difficult to relocate, as vibrations can cause the
probes to shift. PCBite is based on the same concept of probes positioned
by the technician, with the same problems. The Rusolut monolithic
adaptors can be useful, as it is a solution based on pogopins. There
are two constraints to this solution. The microSD card must have debug
pads and the adapter is not configurable. A new adapter will have to be
purchased for each card design.

Fig. 15. Digit Concept Sesame Laser SLP500 (D. Concept, 2022).


3.2.2. Non-commercial interceptors

The creation of a customised solution for each medium is governed
by three principles:

• Although unique, the adaptations to be made to process another
  medium must be minimal.

• When probes are placed on signals, there is a risk of interference.
  To reduce this risk, the number and size of wires should be reduced
  and PCBs with tracks should be preferred. More generally, the
  signal under study should be as close as possible to the drive.

• A logic analyser will have to be used to diagnose the chips, then
  switched to a flash reader if the chip is functional. The solution
  chosen must be versatile.


For these three reasons, the preferred solution was to create a home- 
made PCB. The creation of this PCB enables minimal modifications to 
be made to each new medium to be processed and to provide several 
different connections for a logic analyser or reader. In addition, connec- 
tions made with conductive glue reduce the risk of disturbing the signals 
observed. The solution adopted for assembly is to remove the varnish 
locally at the exact location of the vias to be connected. The card will 
be glued to the back of a PCB on the side containing the communica- 
tion port with the host. The PCB will have openings exactly where the 
vias are located. Conductive glue will pass through the PCB to make the 
connection between the via and the front of the PCB. The SD communi- 
cation port will be soldered to the PCB. To make it easier to remove the 
glue, a thin PCB should be used. The plan is therefore to minimise the
thickness of the PCB as much as possible where the card will be positioned.
To create the assembly, it is necessary to take the dimensions of
the medium (i.e. size, positions of the internal and external bus points
of interest). These measurements are used to place the medium in the
correct position relative to the interconnect openings.

In parallel with the PCB design, the medium must be prepared. The 
chosen solution is laser ablation of the resin to achieve precise access to 
the copper level. An example of equipment that can be used is a Digit 
Concept Sesame Laser (Fig. 15). This equipment, based on a 1064 nm 
infrared laser with a maximum power of 10 W, can engrave a precise 
area of at least 50 µm in size. To assist the operator in positioning the
etch, it is possible to overlay the sample with a 2D X-ray acquisition.
The X-ray view enables accurate positioning of the machining points
on the MMC substrate, so that the laser can open a hole 150 µm in
diameter to access a via 300 µm in diameter. Keeping the aperture
localized, with the resin left in place around the points of interest,
makes short circuits between signals impossible.

Fig. 16. Front side view of the design of the homemade PCB for interconnecting
the MMC: (a) bottom layer of the PCB; (b) top layer of the PCB.


Fig. 17. Example of MMC and the corresponding PCB before gluing: (a) view of
the microSD card after laser removal of the varnish over the vias of interest;
(b) view of the homemade PCB.


The technology used to develop the board is a double-layer PCB. 
This means that there are two layers of copper separated by a layer of 
insulating glass fibre. As mentioned earlier, to facilitate the removal of 
the conductive adhesive, a thin PCB must be selected. A PCB thickness 
of 0.4 mm will make it easier to apply the conductive glue. It will be 
thinned where the board will be glued. For a 0.4 mm thick PCB, a
thickness reduction of 0.25 mm will leave 0.15 mm where the card will be. Fig. 16
shows the routing files, called Gerber files. In Fig. 16a, the black area in
the center is the thinned area used to accommodate the microSD card. 
Fig. 16b shows the routing of the tracks with the openings for the glue 
to pass through and for the SD port to be connected, as well as the 
routing of the tracks to the terminal blocks used for reading. 

To manufacture the PCB, a dedicated Computer Numerical Control 
(CNC) machine can be used to drill, mill or machine a substrate plate. 
Once the MMC medium is prepared (Fig. 17a), the PCB (Fig. 17b) and 
the MMC medium can be assembled. To do this, the substrate is glued to 
the PCB using a commercial “superglue” insulating glue. It is interesting 
because it degrades at 90°C, so the assembly can easily be dismantled 
after the work. 

Once the medium is fixed on the PCB, the last step of the preparation
consists in making the electrical connections. To achieve this
objective, the chosen solution is a conductive adhesive as studied in previous
work (Heckmann et al., 2017). A conductive glue with a
medium viscosity, about 5000 cps, remains confined close to the via.
This operation is efficient especially if the laser openings are made on a
localised area (as illustrated in Fig. 18). The objective is to cover the via,
a wall of the hole and the copper track. To achieve this, the step can be
performed in several iterations of heating and glue deposition. A final
validation of each connection needs to be made by checking the diodes
between tracks and ground (Thomas-Brans et al., 2022). After fixing the
connection with the via, the PCB is completed by connecting the MMC
to the corresponding pads with copper wire, and by attaching headers.

Fig. 18. Example of an MMC assembly to the PCB using conductive glue link.

Fig. 19. The setup used to read the host-driven medium with host and memory
frame acquisition.


3.2.3. Reading setup 

The setup used to develop the method is not the final setup. To 
perform the tests, a standard microSD with debug pads was used. A mi- 
croSD NAND Monolithic MR24 adapter (multi com, 2023) from Multi- 
Com (multi-com.eu, 2023) was used to connect to the microSD card. It 
will be replaced by the PCB for use with the microSD card in the case 
study. The rest of the setup remains the same as in Fig. 19. 

To communicate with the MMC system over the SD protocol, a conventional
SD card reader can be used. The SD protocol will be acquired
by a Saleae Logic Pro 8 and the NAND flash protocol by a Saleae Logic
Pro 16. There are multiple commercial readers available that can handle
memories with MMC-type protocols. For the NAND protocol, the
choice is more limited. For the case study, the EASYJTAG reader
(Fig. 20) has been selected as it is versatile and regularly used in the
forensic community.

Fig. 20. An EASYJTAG box used to read the eMMC/SD or NAND components
(z3x team, 2023).


3.3. Exploitation of the memory 


The memory operation phase consists of observing the internal exchanges
triggered by the host. If the memory responds correctly, the
internal frames must be analysed to confirm the order of the signals
assumed in Section 3.1. During the initialization phase of the MMC
medium by the host, several behaviours can be observed on the internal
bus using the logic analyzer:


1. No action is performed by the controller when the host sends a
command. The controller is at fault, but nothing can be deduced about
the memory. Although it has not been possible to diagnose the memory or
confirm the order of the signals, an attempt can be made to read
the memory. It will be necessary to keep to the assumptions made
in Section 3.1.

2. The controller processes the command and interrogates the memory,
which either does not react or returns an erroneous response.
The memory is defective, so the read operations will be more complex,
as discussed in Section 4.

3. The controller processes the command and interrogates the mem- 
ory, which responds correctly. Then, the controller transfers the 
answer, but with errors. This means that the memory is functional, 
but the controller is faulty. This is the most favourable situation, as 
it will be possible to study the frames to confirm the order of the 
signals. 


To validate the state of the card, frame acquisitions must be per- 
formed using the logic analyser. The result of the initialization of the 
microSD card by the reader can be seen in Fig. 21. To prepare for the 
study, the software was configured according to the assumptions made 
about the function of the signals. The IO signals are positioned at the 
bottom and the control signals are located at the top. 

By browsing through the time axis of the chronogram, it is possible
to identify specific behaviour of certain signals. The Chip Enable (CE)
signal, which validates the activity of a memory chip, must go to the
low level before any command can be sent. According to the standards,
this signal must stay at the logical low value during the entire
exchange between the controller and the memory. Thus, when examining
the frames (Fig. 22), it is possible to identify the CE signal.

The next step is to search for either the Reset function or the Read ID 
function in the chronogram. Generally, the memory initialization chain 
by the controller uses both functions successively. Once both frames
have been located, it is possible to study them to validate the function
of the signals. As mentioned in Section 2.4, the operation of the
flash protocol is based on a state machine. To validate commands, the
signals must be driven in a precise order and to a precise state. When the
memory receives a command, if the combination is not intelligible, it
is dropped. For the Reset command, the combination is summarised in
Table 2.

Fig. 21. Chronogram of the start of exchanges between the controller and the
memory on the medium using the Saleae logic analyzer.

Fig. 22. Zoom on the chronogram to identify the VCC signals and the Chip
Enable (CE) using the Saleae logic analyzer.

Table 2
Interpretation of the single round of the Reset frame.

Command    Logical value of controls    IO
           CLE   ALE   WE   RE          7-0
Round 1    1     0     ↑    1           FFh

‘1’: high level, ‘0’: low level, ‘↑’: rising edge.

Table 3
Interpretation of the Read ID frame rounds.

Command    Logical value of controls    IO
           CLE   ALE   WE   RE          7    6-5   4    3-0
Round 1    1     0     ↑    1           1    0     1    0
Round 2    0     1     ↑    1           0    0     0    0

‘1’: high level, ‘0’: low level, ‘↑’: rising edge.

Fig. 23. Focus on the Read ID command to identify all signals with the Saleae
logic analyzer.

Table 4
Signification of the different rounds of the memory ID.

Round    ID     Signification
1        98h    Manufacturer
2        DCh    Device
3        84h    Number of Cell and chip
4        A5h    Block and Pages size
5        60h    Number of plane

According to Table 2, the Reset command uses the Write Enable
(WE) and Command Latch Enable (CLE) control signals and the IOs. As
the Address Latch Enable (ALE) and Read Enable (RE) signals are not
used, it is preferable to search for the READ_ID frame. Similarly, the
IO value for a Reset command is FFh, which means that all eight IOs
are at the logical high value. Therefore, it is impossible to differentiate
the IOs to determine the bus order. The combination corresponding to
READ_ID is summarised in Table 3. It uses the value 90h on the
IOs, with only IO7 and IO4 at the logical high value. This combination is
more favourable for confirming the bus order, as is the response from
memory, which will provide more information. The READ_ID operation
is located in the global frame (Fig. 23).

The response of the memory is a determining factor in whether it is 
functional. The ID of a NAND flash memory contains useful information. 
According to the standard, it is made up of 5 rounds, as described in
Table 4. Round 1 is the first visible on the chronogram (Fig. 23)
and corresponds to the manufacturer of the memory. As these codes 
are referenced (Norris, 2011), this round will be used in the rest of the 
analysis. The other rounds provide useful information when it comes to 
configuring the reader for in situ memory reading. For example, round 
4 contains the size of memory pages and blocks. 
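
The decoding and diagnosis steps of this section, as an added example that is not code from the paper: it classifies WE/RE strobe edges by the CLE/ALE levels of Tables 2 and 3, extracts the Read ID answer, and shows that a wrong assumed channel order hides the 90h command while Reset (FFh) still decodes. The capture, the crossed wiring and all function names are constructed for illustration.

```python
# Added example on constructed data; all helper names are hypothetical.
from itertools import takewhile

IDLE = (1, 0, 0, 1, 1, 0xFF)   # sample = (CE#, CLE, ALE, WE#, RE#, raw IO byte)
MAKERS = {0x98: "Toshiba"}     # only the manufacturer code given on the page
ID_ROUNDS = [0x98, 0xDC, 0x84, 0xA5, 0x60]   # ID rounds 1-5 given on the page
WIRING = [0, 1, 2, 4, 3, 5, 6, 7]   # constructed: channel i carries IO bit WIRING[i]

def remap(raw, order):
    """Rebuild the logical IO byte from the analyser channels."""
    return sum(((raw >> i) & 1) << order[i] for i in range(8))

def cycle(kind, byte, order):
    """Two constructed samples for one bus cycle: strobe low, then strobe high."""
    cle, ale = {"CMD": (1, 0), "ADDR": (0, 1), "DATA": (0, 0)}[kind]
    we, re = (1, 0) if kind == "DATA" else (0, 1)
    raw = sum(((byte >> order[i]) & 1) << i for i in range(8))  # inverse of remap
    return [(0, cle, ale, we, re, raw), (0, cle, ale, 1, 1, raw)]

def build_capture(answer, order=WIRING):
    """Constructed trace: Reset, then Read ID (90h, 00h), then the memory's answer."""
    frames = [("CMD", 0xFF), ("CMD", 0x90), ("ADDR", 0x00)]
    frames += [("DATA", b) for b in answer]
    return [IDLE] + [s for k, b in frames for s in cycle(k, b, order)] + [IDLE]

def decode(samples, order):
    """Classify each strobe rising edge from the control levels held before it."""
    out = []
    for prev, cur in zip(samples, samples[1:]):
        ce, cle, ale, we, re, raw = prev
        if ce:                       # CE# high: chip not selected, ignore
            continue
        we_rise = we == 0 and cur[3] == 1
        re_rise = re == 0 and cur[4] == 1
        if we_rise and cle and not ale:
            out.append(("CMD", remap(raw, order)))
        elif we_rise and ale and not cle:
            out.append(("ADDR", remap(raw, order)))
        elif re_rise and not cle and not ale:
            out.append(("DATA", remap(raw, order)))
    return out

def read_id(cycles):
    """Bytes read back after command 90h + address 00h, or [] if not found."""
    for i in range(len(cycles) - 1):
        if cycles[i:i + 2] == [("CMD", 0x90), ("ADDR", 0x00)]:
            tail = takewhile(lambda c: c[0] == "DATA", cycles[i + 2:])
            return [byte for _, byte in tail]
    return []

def diagnose(samples, order, makers=MAKERS):
    """Map a capture onto the behaviours listed in this section."""
    cycles = decode(samples, order)
    if not cycles:
        return "no internal activity"            # behaviour 1
    ident = read_id(cycles)
    if not ident or ident[0] not in makers:
        # Behaviour 2, but a wrong channel order also lands here.
        return "no valid ID"
    return "memory answers: " + makers[ident[0]]  # memory is functional

if __name__ == "__main__":
    cap = build_capture(ID_ROUNDS)
    print(diagnose(cap, WIRING), "|", diagnose(cap, list(range(8))))
```

Whether the controller then relays the answer correctly is observed on the host side of the setup, so the last result only establishes that the memory itself responds.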

In the case studied, although the READ_ID command gave information
about the bus order, there are still four possible combinations for
definitive validation. Table 5 shows the four possible IO combinations
according to the chronogram in Fig. 23. For each IO combination, the
hexadecimal value is calculated and compared with the list of
manufacturer IDs (Norris, 2011). Only one plausible combination can be
deduced. In this case, the ID would be 98h. The memory brand is therefore
Toshiba, which corresponds to combination 1 in Table 5.
If the ID value doesn’t match the manufacturer’s ID list, it could mean
that the manufacturer isn’t listed, but more likely the memory is faulty.
If the memory reacts badly during the initialisation phase, this means
that its internal state machine is damaged. The probability of successfully
passing the memory initialisation stage or even being able to read
pages is very low, so the data is considered lost.

Table 5
Comparative table of possible combinations for the IDs identified during
the exchanges.

Combination    IO                                Hex
               7   6   5   4   3   2   1   0
1              1   0   0   1   1   0   0   0     98h
2              0   0   0   1   1   0   0   1     19h
3              1   0   0   1   0   0   0   1     91h
4              1   0   0   0   1   0   0   1     89h

‘1’: high level, ‘0’: low level.

Table 6
Translation of the values at different rounds of the memory ID.

Round    IO                                Hex
         7   6   5   4   3   2   1   0
1        1   0   0   1   1   0   0   0     98h
2        1   1   0   1   1   1   0   0     DCh
3        1   0   0   0   0   1   0   0     84h
4        1   0   1   0   0   1   0   1     A5h
5        0   1   1   0   0   0   0   0     60h
6        0   0   0   1   0   0   1   0     12h
7        0   0   0   0   1   1   0   0     0Ch

‘1’: high level, ‘0’: low level.

Table 7
Interpretation of the different rounds of the memory ID.

Reference    Signification
TC58         Single Chip memory
N            NAND flash
V            3.3 V
G2           4 GB
D            2 bits per cell
4            bus size: 8 bits; page size: 2 kB; block size: 256 kB

Considering that the memory under study is a Toshiba memory, a 
cross-search between the memory brand and its ID can be performed to 
find the datasheet. From this document, it will be possible to find the ID 
correspondence table, giving access to the read parameters. For Toshiba
memory, the ID values from the chronogram (Fig. 23) are translated
in Table 6. The part number and the ID values can be translated
to obtain information for reading (Table 7).

To summarise the information and parameters of the card studied, it 
has a capacity of 4 GB. It consists of a single Toshiba memory chip with 
a part number TC58NVG2D4CTGO0. The memory seems to be perfectly 
functional, but the controller has a fault. To perform the card read, the 
reader must be configured for page sizes of 2 kB and block sizes of 128 
pages, i.e. 256 kB. This information will also be used to reformat the 
data. 
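
How rounds 3 and 4 of the ID yield the reader parameters above, and how those parameters drive the reformatting of a raw dump, as an added example that is not from the paper. It assumes the bit layout commonly used for legacy extended NAND IDs (to be confirmed against the datasheet), which reproduces the page's values for 84h and A5h, and a dump in which each page is followed by its spare area; all function names are hypothetical.

```python
# Added example; function names and the dump layout are assumptions.
ID_ROUNDS = [0x98, 0xDC, 0x84, 0xA5, 0x60]   # ID rounds 1-5 given on the page

def decode_geometry(ident):
    """Decode ID rounds 3 and 4 with the legacy extended-ID bit layout."""
    if len(ident) < 4:
        raise ValueError("need at least four ID rounds")
    third, fourth = ident[2], ident[3]
    page = 1024 << (fourth & 0x03)                      # bits 1-0: page size
    spare_per_512 = 8 << ((fourth >> 2) & 0x01)         # bit 2: spare bytes per 512 B
    block = (64 * 1024) << ((fourth >> 4) & 0x03)       # bits 5-4: block size
    return {
        "chips": 1 << (third & 0x03),                   # round 3, bits 1-0
        "bits_per_cell": ((third >> 2) & 0x03) + 1,     # round 3, bits 3-2
        "bus_bits": 16 if (fourth >> 6) & 0x01 else 8,  # round 4, bit 6
        "page_bytes": page,
        "spare_bytes": spare_per_512 * (page // 512),
        "block_bytes": block,
        "pages_per_block": block // page,
    }

def split_pages(dump, geo):
    """Yield (block, page_in_block, data, spare) from a dump of page+spare units."""
    stride = geo["page_bytes"] + geo["spare_bytes"]
    if not dump or len(dump) % stride:
        raise ValueError("dump is not a whole number of pages for this geometry")
    for n in range(len(dump) // stride):
        unit = dump[n * stride:(n + 1) * stride]
        yield (n // geo["pages_per_block"], n % geo["pages_per_block"],
               unit[:geo["page_bytes"]], unit[geo["page_bytes"]:])

def constructed_dump(geo, pages):
    """Constructed sample: page n holds byte n % 256, spare area is all FFh."""
    return b"".join(bytes([n % 256]) * geo["page_bytes"]
                    + b"\xff" * geo["spare_bytes"] for n in range(pages))

if __name__ == "__main__":
    geo = decode_geometry(ID_ROUNDS)
    print(geo)
    for blk, pg, data, spare in split_pages(constructed_dump(geo, 130), geo):
        if pg == 0:
            print("block", blk, "starts with data byte", data[0], "spare", len(spare))
```

A length check that fails in `split_pages` is an early sign that the reader was configured with the wrong page or spare size.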

The methodology used made it possible to confirm that the memory was in
working order, and to confirm the reader’s parameters. Once the reading is
complete, a post-processing phase must be performed. It is necessary to
consider the ECCs (section 2.3) and attempt to correct errors mathematically
(Barral et al., 2022). It is also necessary to remove a possible
XOR applied by the controller to the data, and then to analyze
the spares of the pages to ascertain their sequential arrangement
and reconstruct a coherent file system. This task can be performed manually;
however, data recovery tools, like commercial ones from ACELab
or Rusolut, are also available to facilitate the process.


4. Discussion 


This paper presents a technique to perform in situ data recovery on 
impaired/damaged MultiMedia Memory Cards. This methodology is de- 
signed to assist users in retrieving the contents of the MMC, even in 
situations where the embedded controller fails, provided that the mem- 
ory component remains functional. Even though some commercial tools 
may be capable of addressing this scenario (PC-3000 Flash (ACELab, 
2023), PCBite (Sensepeek, 2023) and Rusolut eMMC-NAND Reconstruc- 
tor (Rusolut, 2023)), they might not support one of the components 
of the MMC (e.g., controller, memory, debug pinout). In such cases, 
manual data extraction is the most viable alternative, hence the utility
of the methodology proposed by the authors. If both the memory
component and the controller are faulty, the data
can still be read by directly scanning or probing the memory
cells. As demonstrated in other scientific work, this can be done using
passive voltage contrast (Courbon et al., 2017), scanning
capacitance microscopy (Tay et al., 2022) or atomic force microscopy 
(AFM) (Konopinski, 2013). All these techniques require specific preparation
of the substrate. It is necessary to have access to the back or
front of the device as closely as possible to the transistors. This requires
a preparation of the sample; for passive voltage contrast, discussed in
this paper, it necessitates polishing because the use of a plasma is
destructive for the transistors. This preparation is relatively complex
because the polishing technique causes defects such as edge effects and
process inhomogeneity. As the preparation process causes damage to
the sample, it is important to achieve mastery of the technique prior to
its implementation on the targeted substrate. Still focusing on passive
voltage contrast, the use of Scanning Electron Microscopy (SEM) has a
high degree of efficacy; however, lack of control over parameters may
lead to hazardous outcomes. Indeed, the strength of the electron field on
the sample can have an etching effect if not correctly set. In the authors
show that with the right parameters, this technique is highly effective. 
Although these methods are seemingly advantageous, they involve de- 
layering of the MMC, which can be destructive and should be avoided 
in legal forensics affairs, as it may result in permanent data loss. 


5. Conclusion 


In the context of data forensics in judicial investigations, experts are 
faced with a wide range of storage formats. As the data stored on these 
mediums may be the only evidence available to solve a critical case, 
their preservation is of paramount importance. It is therefore neces- 
sary to adopt a non-invasive approach to examining the medium. Such 
a process must be able to count on polyvalent solutions when com- 
mercial tools are not sufficient. Furthermore, the structure or physical 
state of the medium may vary, making adaptability essential. This ar- 
ticle focuses on the diagnostic and data extraction capabilities of MMC 
medium. It complements previous diagnostic work that may not have 
detected a structural fault. In addition to explaining the different protocols
and the internal structures of MMC media, and giving an overview of the
different readers, the main contribution of the article is the development
of a solution for in situ communication with an internal NAND
memory, based on a case study. This work includes a diagnostic phase
and the reading of the MMC medium in order to identify the state of the 
memory, particularly when the controller is not responding. Finally, the 
main advantage of this technique is that it does not depend on a com- 
mercial reader and, therefore, the presence of a controller-memory pair 
in a database is not necessary.